<h1>User hinzuf&uuml;gen</h1>

<?php
if(!has_permission(PERM_ADMIN)) exit();

if(isset($_GET["action"]) && $_GET["action"] == "add") {
 db_query("INSERT INTO user (id, name, pwd, mail) VALUES ('', '".secure_mysql_string($_POST["name"])."', '".sha1($_POST["name"]."$".$_POST["pwd"])."', '".secure_mysql_string($_POST["mail"])."')");
 db_query("INSERT INTO permissions (id, user, perm1, perm2, perm3) VALUES('', '".secure_mysql_string($_POST["name"])."', 0, 0, 0)");
 if(isset($_POST["p_admin"]) && $_POST["p_admin"] == "1") set_permission(secure_mysql_string($_POST["name"]), PERM_ADMIN);
 if(isset($_POST["p_news"]) && $_POST["p_news"] == "1") set_permission(secure_mysql_string($_POST["name"]), PERM_WRITE_NEWS);
 if(isset($_POST["p_termin"]) && $_POST["p_termin"] == "1") set_permission(secure_mysql_string($_POST["name"]), PERM_ADD_DATE);
 if(isset($_POST["p_pic"]) && $_POST["p_pic"] == "1") set_permission(secure_mysql_string($_POST["name"]), PERM_UPLOAD_PIC);
 if(isset($_POST["p_invite"]) && $_POST["p_invite"] == "1") set_permission(secure_mysql_string($_POST["name"]), PERM_SEND_INVITATION);
 if(isset($_POST["p_group_msg"]) && $_POST["p_group_msg"] == "1") set_permission(secure_mysql_string($_POST["name"]), PERM_SEND_GROUP_PM);
 _log(LOG_ADMIN, "User '".secure_mysql_string($_POST["name"])."' added.");
}
?>

<form action="index.php?page=user&amp;filter=new&amp;action=add" method="POST">
 Name: <input type="text" name="name"><br>
 Password: <input type="text" name="pwd"><br>
 E-Mail: <input type="text" name="mail"><br>
 <br>
 Berechtigungen:
 <table>
  <tr><td><input type="checkbox" name="p_admin" value="1">Admin</td></tr>
  <tr><td><input type="checkbox" name="p_news" value="1">News erstellen</td></tr>
  <tr><td><input type="checkbox" name="p_termin" value="1" checked="checked">Termin erstellen</td></tr>
  <tr><td><input type="checkbox" name="p_pic" value="1">Bilder uploaden</td></tr>
  <tr><td><input type="checkbox" name="p_invite" value="1">Einladungen versenden</td></tr>
  <tr><td><input type="checkbox" name="p_group_msg" value="1" checked="checked">Gruppennachrichten versenden</td></tr>
  
 </table>
 <br>
 <input type="submit" value="Erstellen">
</form>

<?php

?>
